Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 831207

Summary: Vulnerabilities in sys-apps/systemd allow for a PID 1 crash
Product: Gentoo Security Reporter: 489508
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED NEEDINFO    
Severity: normal CC: sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description 489508 2022-01-14 19:19:41 UTC 
As you might know, there is a large security bug in systemd that allows users to crash PID 1, and such, temporarily bork the system (system is borked until reinit). The fallout of this could cause people to lose their work, cause filesystem journals to be corrupted, and the output of replays corrupted, and just all kinds of nasty fallout from a crash. This could cause problems in people's everyday lives. If you did not issue a GLSA, most Gentoo users will probably be vulnerable.
Comment 1 Mike Gilbert gentoo-dev 2022-01-14 19:23:56 UTC 
This bug contains no useful information.

If you are reporting a vulnerability, please include all relevant information.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-14 19:28:16 UTC 
As floppym says, I have no idea what you're referring to here.

You may be referring to bug 830967 (although this is actually exploitable in pretty limited situations), but in any case, we need details and ideally a link to an upstream bug report, or at least a CVE number.

It's already fixed in stable Gentoo too.

GLSA publication is aimed to be resumed soon after some tooling difficulties we've experienced. It's being worked on.